
Tutorial: Secure All Internet Traffic by Configuring a Private Network as an Internet Gateway

Abstract

Learn how to securely route all internet traffic through CloudConnexa by configuring a private network as an internet gateway for centralized internet security and traffic control.

Overview

Learn how to set up secure internet access for your CloudConnexa users with an egress network that acts as an internet gateway.

This tutorial shows how to securely route all internet traffic through CloudConnexa by configuring a private network as an internet gateway.

With this setup:

  • User internet traffic is tunneled through CloudConnexa.

  • Traffic exits to the internet from a trusted private network.

  • Users can securely access the internet from untrusted locations such as hotels, airports, cafés, and public Wi-Fi networks.

  • Organizations can apply additional security controls such as DNS filtering, monitoring, CASB, or IDS/IPS inspection.

This configuration is useful for organizations that want centralized control over internet-bound traffic without managing traditional VPN infrastructure.


Before you begin

Before starting this tutorial, ensure you have:

  • A CloudConnexa account and Cloud ID.

  • A private network that can act as an internet gateway.

  • A Linux system available for Connector deployment within the private network.

  • Permission to install and configure a Connector on the server.

  • OpenVPN Connect available for testing connectivity.

You should also be familiar with:

Step 1: Create a Network to act as an internet gateway

Create a Network in CloudConnexa to serve as the internet gateway for outbound traffic.

To create the Network, follow these steps:

  1. Create a new Network. For reference: Add a Network for secure internet access

  2. Ensure the Internet Gateway option is turned on during network creation.

  3. Don't configure subnets if the network will only be used as an internet gateway.

  4. Complete the setup.

Refer to:

Step 2: Deploy a Connector on the internet gateway network

Deploy a Connector on a server within the private network to route internet traffic from CloudConnexa to the internet.

We recommend using Linux for the Connector host.

To deploy the Connector, follow the steps below:

  1. Prepare a server or virtual machine with:

    • Internet access.

    • A public IP address.

    • Routing enabled.

  2. Install the Connector using the deployment instructions provided in the CloudConnexa Administration portal. Details found here: Add a Connector to a Network.

  3. Verify that the Connector successfully connects to CloudConnexa.

  4. Confirm the Network status changes to online.

Refer to:

Step 3: Configure internet access for user groups

Configure User Groups to route all internet traffic through CloudConnexa and the configured internet gateway.

To change the Internet Access setting, follow the steps below:

  1. Navigate to Access → Internet.

  2. On the User Groups tab, locate the user group you want to modify.

  3. Click the edit (pencil) icon.

  4. Set Internet Access to Split Tunnel Off.

  5. Select the new network from the Internet Gateway (Egress) drop-down.

  6. Click Update Internet Access.

When Split Tunnel Off is enabled:

  • All internet traffic is tunneled through CloudConnexa.

  • Traffic exits through configured internet gateways instead of the user's local internet connection.

Refer to:

Tip

With Split Tunnel Off configured, you can use Tunnel Bypass to route specific destinations directly to the local network gateway rather than through CloudConnexa. This is useful when users need access to locally reachable resources such as on-premises systems or intranet services while all other traffic remains securely tunneled. Tunnel Bypass is configured per User Group. Refer to About Tunnel Bypass.

Step 4: Verify internet traffic routing

Verify that internet traffic is securely routed through the configured internet gateway.

To verify the configuration, follow the steps below:

  1. Connect a device to CloudConnexa using OpenVPN Connect.

  2. Open a browser and visit a public IP lookup website.

  3. Verify that the displayed public IP address matches the public IP address of the Connector host or internet gateway network.

    • If the displayed public IP address matches the internet gateway network, the configuration is working correctly.

Figure: Illustration of successful routing.
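The Step 4 check can also be scripted so it is repeatable across devices and address families. The following is an added example, not part of the CloudConnexa documentation: it compares addresses reported by a public IP lookup service with the gateway's public address or range. The lookup URL is a placeholder, the function names are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
"""Added example: scripted version of the Step 4 egress check."""
import ipaddress
import urllib.request

# Assumption: placeholder for the public IP lookup service you choose; it
# must return the caller's address as plain text.
LOOKUP_URL = "https://ip-lookup.example/plain"


def fetch_public_ip(url=LOOKUP_URL, timeout=5):
    """Return the address the lookup service saw, as a string."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("ascii", "replace").strip()


def classify_egress(observed, gateway_ranges):
    """Compare one observed public address with the gateway's address(es).

    Returns "via-gateway", "not-via-gateway", or "invalid".
    """
    try:
        addr = ipaddress.ip_address(observed.strip())
    except ValueError:
        return "invalid"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is compared as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    nets = [ipaddress.ip_network(r, strict=False) for r in gateway_ranges]
    if any(addr.version == n.version and addr in n for n in nets):
        return "via-gateway"
    return "not-via-gateway"


def check_all(observations, gateway_ranges):
    """Return (ok, verdicts); ok only if every observation is via-gateway."""
    verdicts = {o: classify_egress(o, gateway_ranges) for o in observations}
    ok = bool(verdicts) and all(v == "via-gateway" for v in verdicts.values())
    return ok, verdicts


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not real gateway IPs.
    gateway = ["203.0.113.10/32"]
    seen = ["203.0.113.10", "198.51.100.7", "2001:db8::1"]
    ok, verdicts = check_all(seen, gateway)
    for ip, verdict in verdicts.items():
        print(f"{ip:>15}  {verdict}")
    print("PASS" if ok else "FAIL: some traffic does not exit via the gateway")
```

In practice, pass the output of `fetch_public_ip()` for each lookup endpoint you use (IPv4 and IPv6) into `check_all()`; any address outside the gateway range means that traffic did not exit through the internet gateway.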

Step 5: Add users and begin secure internet access

After verifying the configuration, add users to CloudConnexa and provide access.

To add users, follow these steps:

  1. Navigate to Users → Users in the Administration portal.

  2. Add users using their email address or your preferred authentication method.

  3. Instruct users to connect using OpenVPN Connect.

Once connected:

  • All internet traffic is securely routed through CloudConnexa.

  • Traffic exits through the configured internet gateway.

  • Additional security controls can be applied centrally.

Refer to: